The controller only reads Secrets that are relevant to Ingress.
We read Secrets with labels that identify a Secret for use by this application. These include: - Secrets for the remote administration of Varnish and haproxy (to authorize use of the Varnish CLI and the dataplane API for haproxy). - Secrets for applications like Basic and Proxy Auth. - The Secret in which PEM files for haproxy are created, and is projected into a volume that haproxy reads. This is how we create TLS material for use by haproxy (which requires that crt and key are concatenated into one file). We also read Secrets with the type field set to "kubernetes.io/tls". These contain the TLS material, and are the Secrets named in an Ingress spec. This has necessitated adding two new informers to the controller, for which the filters are defined.
Showing with 76 additions and 37 deletions